Last night's Census lived up to its most popular hashtag of #CensusFail, with the online portal shutting down at 7:55pm. The Australian Bureau of Statistics confirmed at 11:00pm that the website would continue to stay down until today, and now the reason has been given — the site received no less than four denial of service (DDoS) attacks by overseas hackers, according to the ABS.
This story was originally titled "The Australian Census Website Didn't Just Crash, It Was Hacked" based on the early information we had. It has since been updated since the "hacks" were claimed to be DDoS attacks. - Rae
The security of the Census has been at the forefront of conversation since it was revealed that names and addresses would be retained. With the ABS having no less than 14 data breaches since 2013, security experts, lawyers and politicians have all been calling for a boycott in order to protect citizen's private information.
In a tweet this morning the ABC's Shelley Lloyd confirmed the Census website didn't simply buckle under the weight of Australia's population attempting to log on all at once.
— Shelley Lloyd (@shelleymlloyd) August 9, 2016
The Australian Bureau of Statistics says overseas hackers were the cause of the crash, in what the department believes is a deliberate attack on the Census, rather than the result of millions of Australians trying to log on at the same time. The site was load tested, after all, with a glowing review from ABS's technical director John Citizen.
— Ben Grubb (@bengrubb) August 9, 2016
David Kalisch from ABS said the Australian Signals Directorate are investigating, and while it is "very difficult" to source the attack (since most DDoS attacks are produced by thousands of bots from IPs globally), it it believed to have come from "overseas."
"The online census form was subject to four denial of service attacks yesterday," David Kalisch told the ABC. "The first three caused minor disruption, but more than two million forms were successfully submitted and safely stored."
The DDoS digital attack map shows no attacks on Australia.
This is the DDOS for yesterday (site is US-based hence date). Brazil obviously, usual Asia/Europe/US. pic.twitter.com/VgOgF7VEBM
— Gordy irl (@GordyPls) August 9, 2016
— Nathan Cocks (@ElPrezAU) August 9, 2016
Kalisch confirmed "steps have been taken overnight" to ensure the safety of data already provided. You can find out more about the safety of your data here.
An update from the ABS was expected at 9am, and it came at 9:53:
We’re working to restore the service. We’ll keep you updated.
— Census Australia (@ABSCensus) August 9, 2016
We will also keep you updated as more information comes to light.